bug with SSLVerifyClient and RHEL4's mod_ssl / apache ?
Paul Dekkers
Paul.Dekkers at surfnet.nl
Wed Mar 1 08:55:02 UTC 2006
Hi,
Is there a known problem under RHEL4 with mod_ssl and/or apache and the
use of "SSLVerifyClient" like in:
SSLVerifyClient optional_no_ca
... when a client-certificate is used/accepted by the server in some
cases users get a blank page, a strange DNS error from IE or a
connection error from Firefox and/or missing images. The site remains
unavailable for a while using SSL.
If I disable the above option from my (for the rest rather basic) ssl
config the problem disappears.
I don't see any strange errors in my logs. In fact: I don't see anything
at all, while running tcpdump I see traffic coming in, but nothing is
recorded in apache's logs.
If I use apache and mod_ssl 2.0.55 on a FreeBSD machine with identical
configuration (just copied it) the problem disappears! The use is
identical (I just replaced the host.) The ssl version is a bit
different, that's the most related thing I could think of.
Continue with FreeBSD is probably our best (and/or only) option (without
debugging much further), but I'm curious if this is a known problem,
and/or if it is fixed in an upcoming release. I couldn't find anything
related in bugzilla.
Paul
P.S. The machine runs tomcat 5.5 too, I don't think this is somehow
related, but you never know ;-)
More information about the redhat-list
mailing list